An Update on Composer and Packagist Supply Chain Security
Source: News.Ycombinator
Published:
<p>Recent months, and even more so recent weeks, have seen an increasing number of software supply chain attacks targeting open-source ecosystems. A handful of these have hit the PHP ecosystem too, via taken-over GitHub accounts and stolen access tokens that let attackers publish new tags on packages